Total
6084 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-20015 | 1 Yzmcms | 1 Yzmcms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| YzmCMS v5.2 has admin/role/add.html CSRF. | |||||
| CVE-2018-1934 | 1 Ibm | 1 Cognos Business Intelligence | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| IBM Cognos Business Intelligence 10.2.2 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 153179. | |||||
| CVE-2018-1927 | 1 Ibm | 1 Storediq | 2024-11-21 | 6.8 MEDIUM | 6.5 MEDIUM |
| IBM StoredIQ 7.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 153118. | |||||
| CVE-2018-1926 | 1 Ibm | 1 Websphere Application Server | 2024-11-21 | 6.8 MEDIUM | 4.3 MEDIUM |
| IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Admin Console is vulnerable to cross-site request forgery, caused by improper validation of user-supplied input. By persuading a user to visit a malicious URL, a remote attacker could send a specially-crafted request. An attacker could exploit this vulnerability to perform CSRF attack and update available applications. IBM X-Force ID: 152992. | |||||
| CVE-2018-1858 | 1 Ibm | 1 Api Connect | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| IBM API Connect 5.0.0.0 through 5.0.8.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 151256. | |||||
| CVE-2018-1790 | 1 Ibm | 1 Financial Transaction Manager | 2024-11-21 | 6.8 MEDIUM | 4.3 MEDIUM |
| IBM Financial Transaction Manager for Digital Payments for Multi-Platform 3.0.2 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 148944. | |||||
| CVE-2018-1712 | 1 Ibm | 1 Api Connect | 2024-11-21 | 7.5 HIGH | 8.6 HIGH |
| IBM API Connect's Developer Portal 5.0.0.0 through 5.0.8.3 is vulnerable to Server Side Request Forgery. An attacker, using specially crafted input parameters can trick the server into making potentially malicious calls within the trusted network. IBM X-Force ID: 146370. | |||||
| CVE-2018-1661 | 1 Ibm | 1 Datapower Gateway | 2024-11-21 | 6.8 MEDIUM | 6.5 MEDIUM |
| IBM DataPower Gateways 7.5, 7.5.1, 7.5.2, and 7.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 144887. | |||||
| CVE-2018-1622 | 1 Ibm | 1 Security Privileged Identity Manager | 2024-11-21 | 6.8 MEDIUM | 4.3 MEDIUM |
| IBM Security Privileged Identity Manager Virtual Appliance 2.2.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 144348. | |||||
| CVE-2018-1514 | 1 Ibm | 1 Robotic Process Automation With Automation Anywhere | 2024-11-21 | 6.8 MEDIUM | 4.3 MEDIUM |
| IBM Robotic Process Automation with Automation Anywhere 10.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 141622. | |||||
| CVE-2018-1479 | 1 Ibm | 1 Bigfix Platform | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| IBM BigFix Platform 9.2 and 9.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 140761. | |||||
| CVE-2018-1455 | 1 Ibm | 1 Tivoli Application Dependency Discovery Manager | 2024-11-21 | 6.8 MEDIUM | 4.3 MEDIUM |
| IBM Tivoli Application Dependency Discovery Manager 7.2.2 and 7.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 11029. | |||||
| CVE-2018-1442 | 1 Ibm | 1 Monitoring | 2024-11-21 | 6.8 MEDIUM | 4.3 MEDIUM |
| IBM Application Performance Management - Response Time Monitoring Agent (IBM Monitoring 8.1.4) is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 139598. | |||||
| CVE-2018-1434 | 1 Ibm | 14 San Volume Controller, San Volume Controller Firmware, Spectrum Virtualize and 11 more | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) are vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 139474. | |||||
| CVE-2018-1432 | 1 Ibm | 1 Infosphere Information Server | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| IBM InfoSphere Information Server 9.1, 11.3, 11.5, and 11.7 is vulnerable to cross-frame scripting which is a vulnerability that allows an attacker to load Information Server components inside an HTML iframe tag on a malicious page. The attacker could use this weakness to devise a Clickjacking attack to conduct phishing, frame sniffing, social engineering or Cross-Site Request Forgery attacks. IBM X-Force ID: 139360. | |||||
| CVE-2018-1230 | 1 Pivotal Software | 1 Spring Batch Admin | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Pivotal Spring Batch Admin, all versions, does not contain cross site request forgery protection. A remote unauthenticated user could craft a malicious site that executes requests to Spring Batch Admin. This issue has not been patched because Spring Batch Admin has reached end of life. | |||||
| CVE-2018-1213 | 1 Dell | 1 Emc Isilon Onefs | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Dell EMC Isilon OneFS versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, versions 7.2.1.x, and version 7.1.1.11 and 8.1.0.2 is affected by a cross-site request forgery vulnerability. A malicious user may potentially exploit this vulnerability to send unauthorized requests to the server on behalf of authenticated users of the application. | |||||
| CVE-2018-1098 | 2 Fedoraproject, Redhat | 2 Fedora, Etcd | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| A cross-site request forgery flaw was found in etcd 3.3.1 and earlier. An attacker can set up a website that tries to send a POST request to the etcd server and modify a key. Adding a key is done with PUT so it is theoretically safe (can't PUT from an HTML form or such) but POST allows creating in-order keys that an attacker can send. | |||||
| CVE-2018-19969 | 1 Phpmyadmin | 1 Phpmyadmin | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| phpMyAdmin 4.7.x and 4.8.x versions prior to 4.8.4 are affected by a series of CSRF flaws. By deceiving a user into clicking on a crafted URL, it is possible to perform harmful SQL operations such as renaming databases, creating new tables/routines, deleting designer pages, adding/deleting users, updating user passwords, killing SQL processes, etc. | |||||
| CVE-2018-19948 | 1 Qnap | 1 Helpdesk | 2024-11-21 | 4.3 MEDIUM | 2.0 LOW |
| The vulnerability have been reported to affect earlier versions of Helpdesk. If exploited, this cross-site request forgery (CSRF) vulnerability could allow attackers to force NAS users to execute unintentional actions through a web application. QNAP has already fixed the issue in Helpdesk 3.0.3 and later. | |||||